package com.ojoin.trade.common.web.service.impl;

import com.ojoin.trade.common.utils.CacheUtils;
import com.ojoin.trade.common.utils.CommonUtils;
import com.ojoin.trade.common.utils.SpringUtils;
import com.ojoin.trade.common.utils.security.Coder;
import com.ojoin.trade.common.web.dao.RoleDao;
import com.ojoin.trade.common.web.dao.UserDao;
import com.ojoin.trade.common.web.domain.Role;
import com.ojoin.trade.common.web.domain.User;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang.StringEscapeUtils;
import java.security.SecureRandom;

public class UserUtils {

	public static final String USER_CACHE = "sys-manageCache";
	public static final String DICT_CACHE = "sys-dictCache";
	public static final String USER_CACHE_ID_ = "id_";
	public static final String USER_CACHE_LOGIN_NAME_ = "ln_";

	private static final int HASH_INTERATIONS_UNIT = 1024;
	
	private static UserDao userDao=SpringUtils.getBean(UserDao.class);
	private static RoleDao roleDao=SpringUtils.getBean(RoleDao.class);
	
	/**
	 * 获取当前用户
	 * 
	 * @return 取不到返回 new User()
	 */
	public static User getUser() {
		User user = get(CommonUtils.getLoginUserId());
		if (user != null) {
			return user;
		}
		// 如果没有登录，则返回实例化空的User对象。
		return new User();
	}
	
	/**
	 * 根据ID获取用户
	 * 
	 * @param id
	 * @return 取不到返回null
	 */
	public static User get(Integer id) {
		return UserUtils.get(id,true);
	}

	/**
	 * 根据ID获取用户
	 *
	 * @param id
	 * @param usingCache
	 * @return 取不到返回null
	 */
	public static User get(Integer id,boolean usingCache) {
		User user =null;
		if(usingCache){
			user = (User) CacheUtils.get(USER_CACHE, USER_CACHE_ID_ + id);
		}
		if (user == null) {
			user = userDao.selectById(id);
			if (user == null) {
				return null;
			}

			Role role = new Role(user);
			role.setCurrentUser(new User());//fixed death loop
			user.setRoleList(roleDao.selectList(role));

			CacheUtils.put(USER_CACHE, USER_CACHE_ID_ + user.getId(), user);
			CacheUtils.put(USER_CACHE, USER_CACHE_LOGIN_NAME_ + user.getLoginName(), user);
		}
		return user;
	}


	/**
	 * 生成安全的密码，生成随机的8位salt并经过1024次 sha-1 hash
	 */
	public static String entryptPassword(String plainPassword) {
		String plain = StringEscapeUtils.unescapeHtml(plainPassword);
		final SecureRandom random = new SecureRandom();
		byte[] saltBytes = new byte[8];
		random.nextBytes(saltBytes);

		byte[] hashPassword = Coder.sha1(plain.getBytes(), saltBytes, HASH_INTERATIONS_UNIT);
		return new String(Hex.encodeHex(saltBytes))+new String(Hex.encodeHex(hashPassword));
	}

	/**
	 * 验证密码
	 * @param plainPassword 明文密码
	 * @param password 密文密码
	 * @return 验证成功返回true
	 */
	public static boolean validatePassword(String plainPassword, String password) {
		try{
			String plain = StringEscapeUtils.unescapeHtml(plainPassword);
			byte[] saltBytes = CommonUtils.decodeHex(password.substring(0,16));
			byte[] hashPassword = Coder.sha1(plain.getBytes(), saltBytes, HASH_INTERATIONS_UNIT);
			return password.equals(new String(Hex.encodeHex(saltBytes))+new String(Hex.encodeHex(hashPassword)));
		}catch (Exception e){
			return false;
		}

	}
}
